// --- testSignChallenge ---
func testSignChallenge(challenge u2f.Challenge, regi Registration, signResp u2f.SignResponse) error {
var reg u2f.Registration
if err := reg.UnmarshalBinary(regi.U2FRegistrationBytes); err != nil {
return fmt.Errorf("reg.UnmarshalBinary error: %v", err)
}
// The AppEngine datastore does not accept uint types, see:
// https://github.com/golang/appengine/blob/master/datastore/save.go#L148
// So we cast int64 to uint32 when coming from the datastore, and back.
newCounter, err := reg.Authenticate(signResp, challenge, uint32(regi.Counter))
if err != nil {
return fmt.Errorf("VerifySignResponse error: %v", err)
}
// Update the counter for the next auth.
regi.Counter = int64(newCounter)
return nil
}
func signResponse(w http.ResponseWriter, r *http.Request) {
var signResp u2f.SignResponse
if err := json.NewDecoder(r.Body).Decode(&signResp); err != nil {
http.Error(w, "invalid response: "+err.Error(), http.StatusBadRequest)
return
}
log.Printf("signResponse: %+v", signResp)
if challenge == nil {
http.Error(w, "challenge missing", http.StatusBadRequest)
return
}
if registration == nil {
http.Error(w, "registration missing", http.StatusBadRequest)
return
}
var reg u2f.Registration
if err := reg.UnmarshalBinary(registration); err != nil {
log.Printf("reg.UnmarshalBinary error: %v", err)
http.Error(w, "error", http.StatusInternalServerError)
return
}
newCounter, err := reg.Authenticate(signResp, *challenge, counter)
if err != nil {
log.Printf("VerifySignResponse error: %v", err)
http.Error(w, "error verifying response", http.StatusInternalServerError)
return
}
log.Printf("newCounter: %d", newCounter)
counter = newCounter
w.Write([]byte("success"))
}
